Skip to content

Commit 7960697

Browse files
Merge pull request #112 from NVIDIA/release/v2.6.2
Authorization header updated to Bearer + pytests
2 parents d0d6536 + cc883f6 commit 7960697

File tree

28 files changed

+838
-22
lines changed

28 files changed

+838
-22
lines changed

guest_tools/attestation_sdk/README.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -83,11 +83,11 @@ Please execute the following commands to clean up packages that were not install
8383
8484
- Local GPU Attestation
8585
86-
Refer to the [sample implementation](tests/end_to_end/hardware/LocalGPUTest.py)
86+
Refer to the [sample implementation](tests/end_to_end/hardware/sample/LocalGPUTest.py)
8787
8888
- Remote GPU Attestation
8989
90-
Refer to the [sample implementation](tests/end_to_end/hardware/RemoteGPUTest.py)
90+
Refer to the [sample implementation](tests/end_to_end/hardware/sample/RemoteGPUTest.py)
9191
9292
## Switch Attestation
9393
@@ -124,7 +124,7 @@ Please note that the Schema/EAT claim information is subject to change in future
124124
125125
### Driver Version
126126
- Use the latest GPU verifier version for optimal compatibility with the most recent drivers.
127-
- For attestation-specific platforms like Blackwell, ensure device-specific CC-enabled drivers are installed (e.g., R575 for Blackwell).
127+
- For attestation-specific platforms like Blackwell, ensure device-specific CC-enabled drivers are installed (e.g., R575 or above for Blackwell).
128128
- For RTX PRO 6000 Blackwell platforms, ensure that compatible drivers R580 or later are installed
129129
130130
### Claims Version
@@ -147,6 +147,7 @@ v2.4.0 | 2.0, 3.0
147147
v2.5.0 | 2.0, 3.0
148148
v2.6.0 | 2.0, 3.0
149149
v2.6.1 | 2.0, 3.0
150+
v2.6.2 | 2.0, 3.0
150151
151152
More information on claims can be found [here](../attestation_troubleshooting_guide.md)
152153

guest_tools/attestation_sdk/pyproject.toml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
[tool.poetry]
22
name = "nv-attestation-sdk"
3-
version = "2.6.1"
3+
version = "2.6.2"
44
description = "The Attestation SDK provides developers with a easy to use APIs for implementing attestation capabilities into their applications."
55
authors = ["Karthik Jayaraman <kjayaraman@nvidia.com>"]
66
readme = "README.md"
@@ -22,7 +22,7 @@ xmlschema = "==2.2.3"
2222
pyOpenSSL = "==24.2.1"
2323
PyJWT = "==2.7.0"
2424
nvidia-ml-py = ">=12.535.77"
25-
nv-local-gpu-verifier = "2.6.1"
25+
nv-local-gpu-verifier = "2.6.2"
2626
build = ">=0.7.0"
2727
twine = ">=3.7.1"
2828
pylint = ">=2.9.6"
@@ -41,4 +41,4 @@ requires = ["poetry-core>=1.0.0"]
4141
build-backend = "poetry.core.masonry.api"
4242

4343
# [tool.poetry.package.data]
44-
# nv_attestation_sdk = ["verifiers/nv_switch_verifier/rim/*.xsd", "verifiers/nv_switch_verifier/certs/*.pem"]
44+
# nv_attestation_sdk = ["verifiers/nv_switch_verifier/rim/*.xsd", "verifiers/nv_switch_verifier/certs/*.pem"]

guest_tools/attestation_sdk/src/nv_attestation_sdk/utils/headers.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,4 +2,4 @@
22

33
"""Maintains the set of request headers for service calls to dependent URL's"""
44
OCSP_ALLOW_CERT_HOLD = "X-NVIDIA-OCSP-ALLOW-CERT-HOLD"
5-
SERVICE_KEY_VALUE = "nv-sak {}"
5+
SERVICE_KEY_VALUE = "Bearer {}"

guest_tools/attestation_sdk/src/nv_attestation_sdk/verifiers/nv_switch_verifier/rim/xml.xsd

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -284,4 +284,3 @@
284284
</xs:annotation>
285285

286286
</xs:schema>
287-
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
#!/usr/bin/env python3
2+
# -*- coding: utf-8 -*-
3+
#
4+
# Copyright (c) 2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
5+
#
6+
import pytest
7+
import subprocess
8+
9+
DEFAULT_NRAS_GPU_URL = "https://nras.attestation.nvidia.com/v3/attest/gpu"
10+
DEFAULT_NRAS_SWITCH_URL = "https://nras.attestation.nvidia.com/v3/attest/switch"
11+
DEFAULT_RIM_SERVICE_URL = "https://rim.attestation.nvidia.com/v1/rim/"
12+
DEFAULT_OCSP_URL = "https://ocsp.ndis.nvidia.com/"
13+
DEFAULT_TRUST_OUTPOST_RIM_SERVICE_URL = "https://rim.attestation.nvidia.com/v1/rim/"
14+
DEFAULT_TRUST_OUTPOST_OCSP_URL = "https://ocsp.ndis.nvidia.com"
15+
16+
def pytest_addoption(parser):
17+
parser.addoption("--nras-gpu-url", action="store", default=DEFAULT_NRAS_GPU_URL,
18+
help="NRAS URL for GPU attestation (default: %(default)s)")
19+
parser.addoption("--nras-switch-url", action="store", default=DEFAULT_NRAS_GPU_URL,
20+
help="NRAS URL for Switch attestation (default: %(default)s)")
21+
parser.addoption("--rim-url", action="store", default=DEFAULT_RIM_SERVICE_URL,
22+
help="RIM URL for attestation (default: %(default)s)")
23+
parser.addoption("--ocsp-url", action="store", default=DEFAULT_OCSP_URL,
24+
help="OCSP URL for attestation (default: %(default)s)")
25+
parser.addoption("--trust-outpost-rim-url", action="store", default=DEFAULT_TRUST_OUTPOST_RIM_SERVICE_URL,
26+
help="RIM URL for Trust Outpost attestation (default: %(default)s)")
27+
parser.addoption("--trust-outpost-ocsp-url", action="store", default=DEFAULT_TRUST_OUTPOST_OCSP_URL,
28+
help="OCSP URL for Trust Outpost attestation (default: %(default)s)")
29+
parser.addoption("--service-key", action="store", default=None,
30+
help="Service key for calling attestation services (default: %(default)s)")
31+
32+
@pytest.fixture(autouse=True)
33+
def nras_gpu_url(request, monkeypatch):
34+
"""Fixture to get the NRAS GPU URL from command line or use default. This also sets the environment variable NV_NRAS_GPU_URL"""
35+
nras_gpu_url = request.config.getoption("--nras-gpu-url")
36+
if nras_gpu_url is not None:
37+
monkeypatch.setenv("NV_NRAS_GPU_URL", nras_gpu_url)
38+
return nras_gpu_url
39+
40+
@pytest.fixture(autouse=True)
41+
def nras_switch_url(request, monkeypatch):
42+
"""Fixture to get the NRAS Switch URL from command line or use default. This also sets the environment variable NV_NRAS_NVSWITCH_URL"""
43+
nras_switch_url = request.config.getoption("--nras-switch-url")
44+
if nras_switch_url is not None:
45+
monkeypatch.setenv("NV_NRAS_NVSWITCH_URL", nras_switch_url)
46+
return nras_switch_url
47+
48+
@pytest.fixture(autouse=True)
49+
def rim_url(request, monkeypatch):
50+
"""Fixture to get the RIM URL from command line or use default. This also sets the environment variable NV_RIM_URL"""
51+
rim_url = request.config.getoption("--rim-url")
52+
if rim_url is not None:
53+
monkeypatch.setenv("NV_RIM_URL", rim_url)
54+
return rim_url
55+
56+
@pytest.fixture(autouse=True)
57+
def trust_outpost_rim_url(request, monkeypatch):
58+
"""Fixture to get the Trust Outpost RIM URL from command line or use default. This also sets the environment variable NV_RIM_URL"""
59+
trust_outpost_rim_url = request.config.getoption("--trust-outpost-rim-url")
60+
if trust_outpost_rim_url is not None:
61+
monkeypatch.setenv("NV_RIM_URL", trust_outpost_rim_url)
62+
return trust_outpost_rim_url
63+
64+
@pytest.fixture
65+
def ocsp_url(request, monkeypatch):
66+
"""Fixture to get the OCSP URL from command line or use default. This also sets the environment variable NV_OCSP_URL"""
67+
ocsp_url = request.config.getoption("--ocsp-url")
68+
if ocsp_url is not None:
69+
monkeypatch.setenv("NV_OCSP_URL", ocsp_url)
70+
return ocsp_url
71+
72+
@pytest.fixture
73+
def trust_outpost_ocsp_url(request, monkeypatch):
74+
"""Fixture to get the Trust Outpost OCSP URL from command line or use default. This also sets the environment variable NV_OCSP_URL"""
75+
trust_outpost_ocsp_url = request.config.getoption("--trust-outpost-ocsp-url")
76+
if trust_outpost_ocsp_url is not None:
77+
monkeypatch.setenv("NV_OCSP_URL", trust_outpost_ocsp_url)
78+
return trust_outpost_ocsp_url
79+
80+
@pytest.fixture
81+
def service_key(request):
82+
"""Fixture to get the service key from command line or use default"""
83+
return request.config.getoption("--service-key")

guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
client.set_claims_version("3.0")
1515

1616
print ("[LocalGPUTest] node name :", client.get_name())
17-
file = "../../policies/local/NVGPULocalv4PolicyExample.json"
17+
file = "../../../policies/local/NVGPULocalv4PolicyExample.json"
1818

1919
client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "")
2020

guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_ServiceKey.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest_ServiceKey.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@
1414
client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb")
1515

1616
print ("[LocalGPUTest] node name :", client.get_name())
17-
file = "../../policies/local/NVGPULocalPolicyExample.json"
17+
file = "../../../policies/local/NVGPULocalPolicyExample.json"
1818

1919
client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "")
2020

guest_tools/attestation_sdk/tests/end_to_end/hardware/LocalGPUTest_claims_2.0.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest_claims_2.0.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
client.set_nonce("931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb")
1414

1515
print ("[LocalGPUTest] node name :", client.get_name())
16-
file = "../../policies/local/NVGPULocalPolicyExample.json"
16+
file = "../../../policies/local/NVGPULocalPolicyExample.json"
1717

1818
client.add_verifier(attestation.Devices.GPU, attestation.Environment.LOCAL, "", "")
1919

guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/RemoteGPUTest.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@
2727
print("[RemoteGPUTest] token : " + str(client.get_token()))
2828
print("[RemoteGPUTest] call validate_token() - expecting True")
2929

30-
file = "../../policies/remote/v4/NVGPURemotePolicyExample.json"
30+
file = "../../../policies/remote/v4/NVGPURemotePolicyExample.json"
3131
with open(os.path.join(os.path.dirname(__file__), file)) as json_file:
3232
json_data = json.load(json_file)
3333
remote_att_result_policy = json.dumps(json_data)

guest_tools/attestation_sdk/tests/end_to_end/hardware/RemoteGPUTest_ServiceKey.py renamed to guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/RemoteGPUTest_ServiceKey.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@
2727
print("[RemoteGPUTest] token : " + str(client.get_token()))
2828
print("[RemoteGPUTest] call validate_token() - expecting True")
2929

30-
file = "../../policies/remote/v3/NVGPURemotePolicyExample.json"
30+
file = "../../../policies/remote/v3/NVGPURemotePolicyExample.json"
3131
with open(os.path.join(os.path.dirname(__file__), file)) as json_file:
3232
json_data = json.load(json_file)
3333
remote_att_result_policy = json.dumps(json_data)

0 commit comments

Comments
 (0)